Spring Security DataTargetVisitor should be package private to support AOT

AuthorizeProxyDataConfiguration exposes a private class as a bean:

@Bean
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
DataTargetVisitor dataTargetVisitor() {
    return new DataTargetVisitor();
}

This needs to change to package-private so that the generated AOT class can construct the bean without reflection.